LaravelSessionStore
SessionStore backed by Laravel’s session — the piece that makes the SSO bridge work across the browser redirect round-trip.
The vanilla package’s InMemorySessionStore lives and dies with a
single request, so PKCE verifiers written during startSso() would
be gone by the time the provider redirects back. Binding this store
(done automatically by VenAuthServiceProvider when the bridge is
enabled) persists:
- the auth-server token pair (
vauth.access/vauth.refresh) — kept so the app can make authenticatedRequest() calls on behalf of the federated user after the Laravel session is established; - per-state SSO payloads (
vauth.sso.{state}) with an expiry stamp, consumed atomically on callback.
Laravel’s session driver (cookie, redis, database) is the storage + integrity layer; nothing here writes its own cookies.
Methods
readSsoState()
function readSsoState(string $state): ?arrayReturns
array<string,mixed>|null
writeSsoState()
function writeSsoState(string $state, array $payload, int $ttlSeconds = 600): voidParameters
$payload—array<string,mixed>